| عنوان | Bdtask Flight Booking Software B2C Portal v3,1 Unrestricted File Upload |
|---|
| الوصف | The application's "Package Information" module in the B2C portal allows authenticated users to upload an image for a travel package. The file upload functionality fails to validate the file's extension or content type, permitting the upload of executable scripts (e.g., PHP web shells), which leads to Remote Code Execution. |
|---|
| المصدر | ⚠️ https://github.com/4m3rr0r/PoCVulDb/blob/main/README12.md |
|---|
| المستخدم | 4m3rr0r (UID 85795) |
|---|
| ارسال | 11/10/2025 03:47 PM (8 أشهر منذ) |
|---|
| الاعتدال | 25/10/2025 06:21 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329893 [Bdtask Flight Booking Software حتى 3.1 Package Information /b2c/package-information تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|